[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [seul-edu] Server hacked via FTP hack... need help...

To: seul-edu@seul.org
Subject: Re: [seul-edu] Server hacked via FTP hack... need help...
From: Paul Bauer <paul@shorttermwhat.com>
Date: Fri, 3 May 2002 10:39:15 -0700
Delivered-To: archiver@seul.org
Delivered-To: seul-edu-outgoing@seul.org
Delivered-To: seul-edu@seul.org
Delivery-Date: Fri, 03 May 2002 13:39:18 -0400
In-Reply-To: <5.1.0.14.2.20020503133300.01b40c98@email.psu.edu>; from ryanbooz@psu.edu on Fri, May 03, 2002 at 01:34:41PM -0400
References: <5.1.0.14.2.20020503104521.01ba5360@email.psu.edu> <5.1.0.14.2.20020503104521.01ba5360@email.psu.edu> <20020503155306.GY21051@sanctuary.nslug.ns.ca> <5.1.0.14.2.20020503133300.01b40c98@email.psu.edu>
Reply-To: seul-edu@seul.org
Sender: owner-seul-edu@seul.org
User-Agent: Mutt/1.2.5i

OpenBSD is the most secure.  You can tighten up some of the others but it isn't as secure by default.   If this is just serving up sites and information you may want to make tha change.  If linux is required...I am not very helpfull on which is the most secure.  Sorry.

On Fri, May 03, 2002 at 01:34:41PM -0400, Ryan Booz wrote:
> Thank you everyone again for your help.  The attributes were changed.  I 
> was able to delete major stuff and shutdown all outside connections.  The 
> man at the school then took it offline.  I'm going over in the morning to 
> replace.
> 
> my first experience with being hacked.  not fun.  definitely want to stop 
> it from happening again... as best I can.
> 
> Any opinions on which distro is "most" patched.
> 
> thanks.
> ryan
> 
> At 12:53 PM 5/3/2002 -0300, you wrote:
> >On Fri, May 03, 2002 at 11:01:12AM -0400, Ryan Booz wrote:
> > > Although root appears to have control of the file (with FTP as
> > > group now), I can't do anything with it.  Any suggestions on how I can get
> > > this stuff corrected and get ssh back up and running?
> >
> >It is likely that the file has the "immutable" bit set, a common ploy
> >to try to prevent the victim from undoing the damage.  See "man chattr".
> >However, as others have pointed out, a fresh install, with a data recovery
> >on top of that is probably the best way to proceed at this point.
> >
> >Ben
> >--
> >     nSLUG       http://www.nslug.ns.ca      synrg@sanctuary.nslug.ns.ca
> >     Debian      http://www.debian.org       synrg@debian.org
> >[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
> >[ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]
> 
> Ryan J. Booz
> Information Technology Associate
> Training Services, ITS@Penn State
> http://cac.psu.edu/training
> 224B Computer Building
> University Park, PA 16802-2101
> Office: 814-863-7491
> Fax: 814-863-7049
> 

-- 
#########################################
#Microsoft: Where do you want to go today?
#Linux: Where do you want to go tomorrow?
#BSD: Are you guys coming or what?

Follow-Ups:
- Re: [seul-edu] Server hacked via FTP hack... need help...
  - From: "Jeremy C. Reed" <reed@reedmedia.net>
- Re: [seul-edu] Server hacked via FTP hack... need help...
  - From: "Kyle Hutson" <smyle@rockcreek.k12.ks.us>

References:
- [seul-edu] Server hacked via FTP hack... need help...
  - From: Ryan Booz <ryanbooz@psu.edu>
- Re: [seul-edu] Server hacked via FTP hack... need help...
  - From: Ben Armstrong <synrg@sanctuary.nslug.ns.ca>
- Re: [seul-edu] Server hacked via FTP hack... need help...
  - From: Ryan Booz <ryanbooz@psu.edu>

Prev by Date: Re: [seul-edu] Server hacked via FTP hack... need help...
Next by Date: Re: [seul-edu] Server hacked via FTP hack... need help...
Prev by thread: Re: [seul-edu] Server hacked via FTP hack... need help...
Next by thread: Re: [seul-edu] Server hacked via FTP hack... need help...
Index(es):
- Date
- Thread